Monday, March 9, 2015

Creating a Minimalist CentOS Home Server

It's about time I wrote this, so here we go. I built a little NAS/home server over Christmas time a few months ago. It's based on an FM2 3.5GHz dual core, a mATX Gigabyte board with eight SATA3 ports, and currently has three 4TB hard drives. I've been jumping between operating systems on it for a while: first it had Arch, then some Debian, FreeBSD and now here we are at CentOS.

Why? Arch was stable, but for fear of things going bad (Arch is not meant to be a server) I switched to Debian, which had consistent issues with full network bandwidth causing the Ethernet driver to crash. I had high hopes for BSD, then realized they don't support XFS anymore, which means I couldn't mount my data drives. So here goes CentOS.

While this is meant for CentOS, most commands are similar and software names are the same, so it can be used as reference for other systems.


Requirements

Obviously, the first thing you'll need is a computer, but I guess the installer files are good too. They can be found here on the CentOS site. I used the minimal build found on the bottom left of the page. Unless you like living in the stone age, there is no point to using a CD or DVD, so grab a USB stick and use this Win32DiskImage utility to write the image to a USB stick.

Also, you'll need some time. The install only took a few minutes, but the majority of the time will be spent on configuring and installing software after the install of CentOS.


Installation

This is pretty straightforward. There are not many options, so no changes are really needed. Fill out all the forms and be sure to create a user account along with a root user.


Configuration

SSH

SSH may be blocked by the default firewall service, firewalld. Simply run the following to open the port:
firewall-cmd --permanent --zone=public --add-service=ssh
firewall-cmd --reload

FSTAB

The data drives need to be mounted on system start-up. This is done with fstab which is located at /etc/fstab. Using the following command I found the UUIDs of my data drives:
blkid

I then created mount points in /mnt and added the following lines to the fstab:
UUID=fbea912f-7a10-4e86-b5ed-32db97a36778       /mnt/4TB.1              xfs     defaults        0 2
UUID=72430954-62c2-4b71-97e7-3aad660b30c5       /mnt/4TB.2              xfs     defaults        0 2
UUID=c6a421e9-a9df-4ccb-8f6a-3794ecc12c4b       /mnt/4TB.3              xfs     defaults        0 2

Samba Shares

Next we need to share these drives with the network. Only Windows machines will be accessing it, so Samba file sharing is used.
yum install samba samba-client

Next, open the config file:
nano /etc/samba/smb.conf

You'll probably want to change the workgroup and server strings. Then find the Share Definitions section near the bottom and add something like so:
[sharename]
comment = description
path = /path/to/directory
guest ok = no
browseable = yes
writable = yes

Next, we need to set the SELinux context so the data hard drives can be used remotely, and set permissions (otherwise they just don't show up remotely). Alternatively, SELinux can be disabled in /etc/selinux/config if you don't want to deal with it.
chcon -R -t samba_share_t /mnt/4TB.*
chmod -R 777 /mnt/4TB.*

Next the samba user needs to be created.
smbpasswd -a username

Then make the samba server start on bootup:
systemctl enable smb.service
systemctl enable nmb.service
systemctl restart smb.service
systemctl restart nmb.service

Finally, allow it through the firewall:
firewall-cmd --permanent --zone=public --add-service=samba
firewall-cmd --reload

While this samba configuration isn't very complex, it is simple and provides all the functionality I need.
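
One way to avoid leaving the data drives world-writable, as an added example that is not part of the original post: give a dedicated group access instead of using chmod -R 777. The group name nasusers and the function names are assumptions, and the Samba user created above has to be a member of that group.

```shell
#!/bin/sh
# Added example: group-restricted permissions for a Samba data directory,
# as an alternative to `chmod -R 777`. Group and path names are assumptions.

# List everything under $1 that any local user can write to.
world_writable() {
    find "$1" -perm -0002 ! -type l -print
}

# Give group $2 full access to tree $1 and remove all access for "other".
# Directories get the setgid bit so new files inherit the group.
restrict_share() {
    root=$1 group=$2
    chgrp -R "$group" "$root" || return 1
    find "$root" -type d -exec chmod 2770 {} + || return 1
    find "$root" -type f -exec chmod 0660 {} + || return 1
}

# Typical use on the server (as root), with the hypothetical group "nasusers":
#   groupadd nasusers && usermod -aG nasusers username
#   restrict_share /mnt/4TB.1 nasusers
#   world_writable /mnt/4TB.1      # prints nothing when the tree is clean
```

On a server that keeps SELinux enforcing, semanage fcontext -a -t samba_share_t "/mnt/4TB.1(/.*)?" followed by restorecon -R /mnt/4TB.1 records the label in policy so it survives a relabel, which chcon alone does not. On CentOS 7 semanage comes from the policycoreutils-python package.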


Plex Media Server

Go to the Plex downloads page here and get the latest link for the CentOS rpm package. Then run:
yum install wget
wget {link to rpm from above}
yum localinstall {package from previous line}

Next we need to fix issues with selinux and the firewall again.
nano /usr/lib/firewalld/services/plexmediaserver.xml

and paste in the following:
<?xml version="1.0" encoding="utf-8"?>
<service version="1.0">
  <short>plexmediaserver</short>
  <description>Plex TV Media Server</description>
  <port port="1900" protocol="udp"/>
  <port port="5353" protocol="udp"/>
  <port port="32400" protocol="tcp"/>
  <port port="32410" protocol="udp"/>
  <port port="32412" protocol="udp"/>
  <port port="32413" protocol="udp"/>
  <port port="32414" protocol="udp"/>
  <port port="32469" protocol="tcp"/>
</service>

Then add the service and reload the firewall:
firewall-cmd --permanent --zone=public --add-service=plexmediaserver
firewall-cmd --reload

At this point I was tired of dealing with selinux, so I just disabled it. This makes the chcon command in the samba setup irrelevant. Do this by editing /etc/selinux/config and setting selinux to disabled.
nano /etc/selinux/config

Finally, enable and start the Plex service:
systemctl enable plexmediaserver
systemctl start plexmediaserver


FTP Server

In this case I'll be using VSFTPD, which is a nice lightweight server: perfect for my uses. Install it and then start the service:
yum install vsftpd

Next edit the config and set the options below:
nano /etc/vsftpd/vsftpd.conf

anonymous_enable=NO
local_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=
use_localtime=YES

We also need to change SELinux and the firewall again. 
setsebool -P ftp_home_dir on
firewall-cmd --permanent --zone=public --add-service=ftp
firewall-cmd --reload

Finally, enable the service:
systemctl enable vsftpd
systemctl start vsftpd
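
A quick check of the options above against a stricter baseline, as an added example that is not part of the original post. The baseline (no anonymous access, TLS required for logins and data) is this example's assumption; the defaults used for unset options are the ones documented in the vsftpd.conf man page.

```shell
#!/bin/sh
# Added example: report vsftpd.conf options that differ from a hardened baseline.
# The baseline is this example's choice, not vsftpd's or the original post's.

# The options set in the post, as sample input.
page_conf() {
cat <<'EOF'
anonymous_enable=NO
local_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=
use_localtime=YES
EOF
}

# Print the value of option $2 in file $1, or nothing if it is not set.
# If the option is repeated, this example uses the last assignment.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# check_opt FILE OPTION WANTED DEFAULT
# DEFAULT is vsftpd's built-in value, used when the file does not set OPTION.
check_opt() {
    val=$(conf_get "$1" "$2")
    [ -n "$val" ] || val=$4
    [ "$val" = "$3" ] || echo "$2=$val (want $3)"
}

# Print one line per option that is weaker than the baseline.
audit_vsftpd() {
    f=$1
    check_opt "$f" anonymous_enable       NO  YES
    check_opt "$f" ssl_enable             YES NO
    check_opt "$f" force_local_logins_ssl YES YES
    check_opt "$f" force_local_data_ssl   YES YES
}

# Typical use on the server:
#   audit_vsftpd /etc/vsftpd/vsftpd.conf
```

Run against the options from the post, it reports only ssl_enable: logins and transfers go over the network unencrypted until TLS is enabled.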


FTP Client

Since this is a headless server, a regular GUI FTP client won't do. Rather than using the default ftp terminal client, I'll be using lftp. It's available in the yum repository:
yum install lftp

lftp downloads content to the directory it is executed from, so change to the downloads directory first. Start lftp like so:
lftp ftp://username@Your.Server.ip

You can then navigate your server's file directory using the usual linux cd command. Using the following commands you can download single files and directories with n being the number of simultaneous connections. 
pget -n 5 FileName
mirror --use-pget-n=5 DirectoryName

It also has a queue feature. Simply add queue before the previous commands and it adds the files to the queue. Enter queue stop before adding any files to prevent immediate downloading. Enter queue -d to clear the queue. Use job -v to list the current download, and queue to view the queue. To stop transfers enter kill or kill 1 where 1 is the queue number.

lftp can run in the background so downloads can be started via a ssh session without having to maintain the connection. To re-open the lftp session simply type pgrep lftp in your Linux shell and then start lftp and enter attach {PID from pgrep}


X server and qbittorrent

The qbittorrent graphical torrent client is used because it was the only client that supported RSS feeds, which I use through showrss for auto downloading. This is sloppy because it's mainly here for my future reference.

Install the X server and configure:
yum groupinstall "X Window System"
yum groupinstall "Fonts"
yum install xorg-x11-font-utils.x86_64 xorg-x11-fonts-100dpi.noarch xorg-x11-fonts-75dpi.noarch xorg-x11-fonts-Type1.noarch xorg-x11-xauth.x86_64 libX11.x86_64 dbus-x11.x86_64 xorg-x11-server-utils.x86_64 xorg-x11-xkb-utils.x86_64 xterm xorg-x11-xinit xorg-x11-font-utils xorg-x11-fonts-Type1 libX11-common xorg-x11-xauth libX11 dbus-x11 xorg-x11-server-utils xorg-x11-xkb-utils
X -configure
Copy the new config from /root to /etc/X11/xorg.conf

autologin
edit /etc/systemd/system/getty.target.wants/getty\@tty1.service and change
ExecStart=-/sbin/agetty --noclear %I $TERM
to
ExecStart=-/sbin/agetty --autologin <USER> --noclear %I $TERM

autostart X
edit  ~/.bash_profile and add the following at the end:
if [[ ! $DISPLAY && $XDG_VTNR -eq 1 ]]; then
 exec xinit -- /usr/bin/X -config xorg.conf
fi


Get TWM from the CentOS 6 repository and install it:
wget http://mirror.centos.org/centos/6/os/x86_64/Packages/xorg-x11-twm-1.0.3-5.1.el6.x86_64.rpm
rpm -ivh --nodeps xorg-x11-twm-1.0.3-5.1.el6.x86_64.rpm



install the EPEL repository for qbittorrent
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -ivh epel-release-latest-7.noarch.rpm
yum install qbittorrent


make a graphical service for qbittorrent in /etc/systemd/system/qbittorrent.service
[Unit]
Description=Start qbittorrent
PartOf=multi-user.target

[Service]
User=foo
Environment="DISPLAY=:0"
ExecStart=/usr/bin/qbittorrent
ExecStop=/usr/bin/pkill -f 'qbittorrent'

[Install]
WantedBy=xsession.target


install tigervnc-server with yum


make /etc/systemd/system/x0vncserver.service
[Unit]
Description=Remote desktop service (VNC)
After=network-online.target
PartOf=multi-user.target

[Service]
Type=forking
User=foo
ExecStart=/usr/bin/sh -c '/usr/bin/x0vncserver -display :0 -rfbport 5900 -passwordfile /home/foo/.vnc/passwd &'
ExecStop=/usr/bin/pkill -f 'vnc'

[Install]
WantedBy=xsession.target


create xsession.target as /etc/systemd/system/xsession.target
[Unit]
Description=Xsession running
BindsTo=multi-user.target


enable the qbittorrent and vnc services


edit sudoers file and add this to the end
foo ALL=(ALL) NOPASSWD: /usr/bin/systemctl --no-block start xsession.target



edit /home/foo/.xinitrc and add the following to the file
sudo /usr/bin/systemctl --no-block start xsession.target
/usr/bin/twm



Now go in and set up qbittorrent. Set the WebUI to a different port (as 80 doesn't seem to work) and forward it in the firewall (see below). It is then accessible at server_ip:WEBUI_PORT


If HTTPS is desired, do:

mkdir ~/.config/qBittorrent/ssl
cd ~/.config/qBittorrent/ssl
openssl req -new -x509 -nodes -out server.crt -keyout server.key

Then enable HTTPS in the qbittorrent settings and select the files generated by the command above. The WebUI is then found at https://server_ip:WEBUI_PORT
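
The openssl command above prompts for the subject fields and, with no -days option, produces a certificate that expires after 30 days. The added example below (not from the original post) does the same thing non-interactively with an explicit lifetime, keeps the key readable by its owner only, and checks the result. The host name nas.example.lan and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Host name and lifetime are assumptions.

# make_webui_cert DIR HOST [DAYS]: write DIR/server.key and DIR/server.crt.
# The body runs in a subshell so the umask change does not leak to the caller.
make_webui_cert() (
    dir=$1 host=$2 days=${3:-365}
    umask 077                      # new files and directories: owner access only
    mkdir -p "$dir" || exit 1
    openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 \
        -days "$days" -subj "/CN=$host" \
        -keyout "$dir/server.key" -out "$dir/server.crt"
)

# cert_matches_key CERT KEY: succeeds only if the certificate's public key
# is the one that belongs to the private key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$c" = "$k" ]
}

# SHA-256 fingerprint, to compare with what the browser shows before
# accepting the self-signed certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Typical use, as the user that runs qbittorrent:
#   make_webui_cert ~/.config/qBittorrent/ssl nas.example.lan 365
#   cert_matches_key ~/.config/qBittorrent/ssl/server.crt \
#                    ~/.config/qBittorrent/ssl/server.key && echo ok
#   cert_fingerprint ~/.config/qBittorrent/ssl/server.crt
```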


Set the torrent port and forward that as well. Both of these then need to be forwarded in your router. Port checkers are useful here. Use ipleak to check your IP is properly set up ;)


Go to the View menu in qbittorrent and enable the RSS Reader. Add a feed with the new subscription button. Click RSS downloader, add a rule, ensure all fields are blank and select the previously added feed.


Of course, firewall exceptions need to be added.
firewall-cmd --permanent --zone=public --add-port=5900/tcp
firewall-cmd --permanent --zone=public --add-port=WEBUI_PORT/tcp
firewall-cmd --permanent --zone=public --add-port=TORRENT_PORT/tcp
firewall-cmd --reload


Filebot

Perhaps the most vital part to this is Filebot: a program which automatically runs after a download is complete, renames it, and finally puts it in a nice organized directory where the Plex Server can add it to the library. Automatically. It's awesome. Paired with an RSS feed with the latest media in rTorrent, this is amazing.

Filebot requires Java 8 so get that from oracle and install it:
wget <the linux x64 rpm from link above>

yum localinstall <above rpm>

Next grab the Filebot portable package
mkdir -p ~/scripts/filebot
cd ~/scripts/filebot

wget https://archrepo.000webhostapp.com/lostpkg/FileBot_4.7.9-portable.tar.xz

tar -xf FileBot_4.7.9-portable.tar.xz

Add the following to the Run external program on torrent completion box in qbittorrent download settings. Note the gmail option uses an app password, not your actual password. You also need a Plex token.
/home/foo/scripts/filebot/filebot.sh -script fn:amc --output "/media/root/location" --log-file /home/foo/scripts/filebot/amc.log --action duplicate --conflict override -non-strict --def excludeList=/home/foo/scripts/filebot/amc.excludes plex=127.0.0.1:token gmail=user:apppassword "seriesFormat=/tv/save/location/{n}/Season {s}/{n} - {sxe} - {t}" "animeFormat=/anime/save/location/{n}/{n} - {e} - {t}" "movieFormat=/movie/save/location/{n} ({y})" "musicFormat=/music/save/location/{n}/{n} - {t}" unsorted=y music=y artwork=y "ut_dir=%F" "ut_kind=multi" "ut_title=%N" "ut_label=%L"

Conclusion

So, there we go. Everything I need in a basic home NAS.

1 comment:

  1. Really miss ya, Jordan. You were really doing some interesting projects and I wish I had your savvy! If this is your last post, I wish you well!!!
